Moving Towards ntopng 1.1

It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap in terms of features missing with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release, which is scheduled for this fall. They are currently available in the SVN development tree:

Support for multiple interfaces. This means that you can repeat “-i <interface>” on the command line multiple times, once per interface you want to add.

Use of HTTP sessions for opening multiple independent web views of the same ntopng.

Local hosts are now persistent (unless configured differently). This means that if host a.b.c.d is idle and is purged from memory, its state is saved in redis, and thus as soon as a.b.c.d starts making traffic again, it is restored from the cache with all previous counters (in the original ntop all counters start from zero again). Obviously you can restore a host at any time, simply by searching for it in the search box.

Most reports (we need some more work to update all of them) now update counter values dynamically, so that you do not have to reload the page to see what happens.

Counters now have a trend indicator, so that you can immediately figure out which ones are changing with respect to the recent past.

Throughput now has a live graph so that you can see how the value changes over time.

We have introduced animated GeoMaps so that you can see where the traffic goes. The map is automatically centred on your location (if known) thanks to HTML 5.

Inside hosts and interfaces we have added various statistics that were not included in 1.0, such as packet distribution or host contacts (the list of peers that contacted a specific host in the recent past).

All objects are now JSON-friendly, so that you can, for instance, download a snapshot of a host in JSON.

As everything in ntopng is realtime with 1 sec granularity, it is possible to depict what happens when it happens. No average values over 5 minutes such as with NetFlow, but pure realtime data. ntopng now offers a new view that enables network administrators to see in a consistent place what traffic top hosts are doing at any given time through a dynamic, scrollable timeline.

Expired flows are now saved, if configured, in a SQLite database so that you can use SQL to play with them.

There are many other items we would like to include (alarms, PDF reports, cloud storage, ...) and, based on the development cycle, we will decide whether to put them in 1.1 or leave them for version 1.2. For sure we plan to soon release the specifications of the Lua API so that you can start customising ntopng.

That said, we are happy to read that ntopng has been downloaded by many users who are running it on very different hardware platforms (from Raspberry Pi and up) and distributions (we have been notified that Gentoo and Debian packages are now available). We encourage you to provide your feedback on this pre-release code so that we can address all open issues.